As of April 11, 2007, (ISC)² has reported certifying 48,598 information security professionals in more than 120 countries. In June, 2004, the CISSP program earned the ANSIISO/IEC Standard 17024:2003 accreditation, the first IT certification to have done so.

It is formally approved by the U.S. Department of Defense (DoD) in both their Information Assurance Technical (IAT) and Managerial (IAM) categories.

Security-cleared employees earn an average of 22 percent ($19,138 per year) more than their non-cleared counterparts, according to a salary survey done by a recruiting website for professionals with U.S. security clearances.

I read this interesting article by By Katherine Walsh on CSOOnline.com the other day. Those of us in the Washington DC Metro Area are very familiar with the benefits and privaledge of having a government security clearance.

Tuesday, April 29, 2008

The iPhone is pushing into BlackBerry’s turf for enterprise customers. Just announced, Check Point Software Technologies has added support for the iPhone through its VPN-1 product, a Virtual Private Networking (VPN) software tool.

VPN-1 supports secure Internet communication with the iPhone using the iPhone's embedded Layer 2 Transport Protocol (L2TP) client. That enables iPhone users communicating with enterprises that use Check Point's VPN-1 software to do so without the need for any additional software to be installed.

VPN-1 administrators can create specific log-in credentials for each iPhone users using a shared secret password and certificates for all iPhones on the network.Other features of the iPhone for enterprise are:

Push email

Push contacts

Push calendar

Global Address List

Certificates and identities

WPA2/802.1X

Enforced security policies

More VPN protocols

Device configuration

Remote wipe

From what I have been able to see of Apple the past few years, BlackBerry should be afraid.

· post secrets or embarrassing information, including pictures, for everyone to see· post gossip or rumors for the explicit purpose of damaging the person’s reputation· send out messages pretending to be the victim in an attempt to damage that person’s friendships· alienate the victim from online groups

For more information on cyberbullying and how to prevent and report it review the links below:

Tuesday, April 22, 2008

Canonical has announced the upcoming availability of Ubuntu 8.04 LTS Desktop Edition that will be available for free download on Thursday, April 24, 2008. The company has also announced the upcoming release of Ubuntu 8.04 LTS Server Edition.

Monday, April 21, 2008

You are invited to the 11th Annual New York State Cyber Security Conference. As in previous years the Conference will feature an excellent array of presentations and workshops by internationally recognized experts in the field of cyber security.

Discover methods to inspire a culture of cyber security in your organization. Hear first hand from practiced professionals where the industry is headed and how to navigate securely.

Friday, April 18, 2008

Attend Black Hat USA, August 2-7 in Las Vegas, the world's premier technical event for ICT security experts. Featuring 40 hands-on training courses and 80 Briefings presentations with lots of new content and new tools. Network with 4,000 delegates from 50 nations. Visit product displays by 30 top sponsors in a relaxed setting including industry leaders Microsoft, Cisco, Google and new startups. Briefings tracks include many updated topics plus the always popular ones including Zero Day Attacks/Defenses, Bots, Application Security, Deep Knowledge and Turbo Talks. Register early for the best rates. www.blackhat.com

A Miami-based system integrator that's selling an unauthorized Mac clone called Open Computer has closed its online store.Psystar, on its Web site Wednesday, said its Internet store is closed because "we are currently unable to process any credit card transactions." Psystar did not provide an explanation for the problem, which it called temporary.

Despite the closure of its online store, Psystar is continuing to advertise its Mac clone.One version of Psystar's Open Computer features Apple's Leopard OS X 10.5 operating system ported onto generic PC hardware that includes an Intel Core2Duo processor at 2.66 GHz, a 250 GB hard drive and an Nvidia GeForce 8600 GT graphics card.The system is priced at $804.99. A similar, Apple-branded computer would cost more than $2,000.

But would-be buyers can't order an Open Computer due to the apparent failure of Psystar's e-commerce system.

Psystar said it's fulfilling orders placed before its credit card processing system went down. "For customers who have already placed orders: if you received a confirmation e-mail then your item is in queue to be built and shipped," says a note on the company's site.Psystar changed the name of its Mac clone from OpenMac to Open Computer earlier this week -- perhaps in response to anticipated legal pressure from Apple. Apple's end user license agreement forbids the installation or use of Leopard on third party hardware.Business records show that Psystar is a small company operated by Miami residents Rodolfo Pedraza and Roberto Pedraza.

On Monday, a Psystar representative who would identify himself only as "Robert" said the company is not concerned about legal action by Apple. "We're not breaking any laws," Robert insisted in a telephone interview.

Psystar may be willing to have its right to sell Mac clones tested in court, Robert implied. "What if Microsoft said you could only install Windows on Dell computers?" he said. "What if Honda said that, after you buy their car, you could only drive it on the roads they said you could?" he added.Robert also accused Apple of marking up the hardware on which its operating systems run by as much as 80%.

Psystar's Web site was up and running as of Wednesday afternoon -- except for the online store portion. The site was offline earlier this week as news of the company's Mac clone spread across the Internet.

According to Psystar, the base configuration for their machine includes a 2.2 GHz Intel Core Duo processor, 2GB of memory, integrated Intel GMA 950 Graphics, 20x DVD +/-R SATA drive, four USB ports, and it comes preinstalled with Leopard. Sounds pretty sweet,right? ...Except for the fact that it's technically illegal to run Apple software on non-Apple equipment.

Something smelled fishy to tech reporters who had never heard of the manufacturer, so they began researching the identity and origins of the mysterious Psystar Corporation. The Guardian reported that they were unable to get answers to basic questions about the company from the contact listed online, that the headquarters had actually moved twice in a 24 hour period, and that there were no Google results for Psystar prior to this week. And earlier this week, the online store at Psystar.com suddenly shut down due to “problems with its ecommerce system.”

Apple has kept mum about the whole thing despite Psystar's defiant (and inaccurate) statement that Apple is acting as a "hardware monopoly." The Psystar Web site states: "Psystar has assembled a system that is completely operational with Leopard called the Open Computer. We call it the Open Computer to reflect the opening of what has previously been a hardware monopoly,"

While the controversy shakes out (Will customers get their Open Computers? Will they work? How long until Apple gives Psystar the smackdown?) we've got a suggestion for Leopard-loving scofflaws. Rather than buying an Open Computer, you could just make your own. A while back, Lifehacker posted some very thorough instructions for building a “Hackintosh” and while the parts will run you close to $800, you will at least be guaranteed an actual, physical computer. However, if you’re not up to the hack and that $399 is still burning a hole in your pocket, my uncle’s got some land in Florida you might be interested in...

Internet Botnets: The Storm Botnet is not the Big Kid on the Block Anymore, Hello Kraken

Botnet is a term for a collection of software robots or bots on compromised computer systems called zombie computers. The majority of these computers are running Microsoft Windows operating systems, but other operating systems have been known to be affected as well. A botnet's originator is called "bot herder" and can control the group remotely using IRC to conduct malicious activities.

The Storm botnet once considered the biggest botnet network with capabilities to force entire countries off the Internet as been replace with the Kraken botnet.

Karken Botnet:

As of April 2008, the Kraken botnet is the world's largest botnet, according to researchers at the computer security company Damballa. They state that Kraken has infected machines in at least 50 of the Fortune 500 companies and has reached the size of over 400,000 bots. The Kraken botnet virus may have been designed to evade anti-virus software, and is apparently virtually undetectable to conventional anti-virus software.

A full write on malware and these specific botnets can be located on SecurityOrb.com

- Identifies and allows for safe temporary removal of HPA, DCO and/or HPA/DCO combination... SAFE Block replaces the HPA and DCO when you are done and no longer requires access to the hidden area of the disk.

- ForensicSoft will be adding Vista support to SAFE Block in the near future, as well as Software RAID blocking/unblocking capabilities. All updates will be free to licensed users.

Hacker Halted USA 2008 is a truly international platform for IT Security professionals. Hosted by EC-Council, this conference will feature some of the top speakers in the world, and will raise international awareness towards increased education and ethics in Information Security.

Delegates who register for Hacker Halted USA will also be able to attend the Techno Security Conference at no additional cost. Hacker Halted USA will be one of the significant information security events in North America for 2008.

Wednesday, April 9, 2008

In April of 2007, a widespread Distributed Denial of Service (DDoS) attack on Estonia’s government and banking Web sites took place. The attack seemed to have been motivated by the relocation of the "Bronze Soldier," a Soviet-era war memorial commemorating an unknown Russian who died fighting the Nazis. The move caused rioting by ethnic Russians and the blockading of the Estonian Embassy in Moscow.

A DDoS attack is one in which a massive amount of compromised systems attack a single target, thereby causing denial of service and access for authorized users of the targeted system.

Shortly after the attack the US government sent security professionals experience in cyberattack, incident response and forensics analysis from the U.S. Department of Homeland Security's US-CERT and the U.S. Secret Service to assist in analyzing the large volume of data that was generated by the attacks and with training on incident response and computer crime investigations.

In April of 2008, there is a strong chance on the anniversary month of last year’s attack, that we may see another attempt to bring down Estonia’s government and banking network again. The Estonian government should be on high alert by increasing monitoring and logging capabilities. In fact, all security centers world wide should be on alert as well to help prevent this event from taking place if an attack were to occur again.

Past case of a cyberattack:

The 2002 Olympics a few years ago with the Apolo Ohno controversy. (In 2002 at the Salt Lake City Games, Ohno won the gold medal in the 1,500-meter speed-skating race after South Korean Kim Dong-Sung was disqualified; soon after, several United States-based servers were hit with a DDoS attack from machines that appeared to be based in South Korea.)

Monday, April 7, 2008

Microsoft has plans to stop selling Windows XP on Jan. 31, 2009 and to cut off support of the operating system will soon occur in an effort to push their Windows Vista operating system. This is not a good thing for since Windows XP is the most widely used operating system and Windows Vista has been plagued with issues.

I can see the market share for Linux becoming very favorable in the low end PC and laptop market.

Friday, April 4, 2008

Even if you have done everything possible to protect the organizational information processing assets, that fact is you may find yourself having to recover from a system compromised or system failure. Regardless of the cause, the goal is to have the system returned to operational status as soon as possible. The best way is to be prepared by having a disaster planning and recovery process in place.

Disaster recovery is the process of rebuilding a system to a known working state after an event. An event can be anything from an external system compromise, to an internal user error or a system hardware/software failure. To properly prepare for all aspects, provisions for the following must be considered: